This all seems very complex and not portable -- not everyone has proc.
Why are you hiding your usernames/passwords anyway? The only time this may be required is when you are sharing a server with other people. If security is a concern you will probably be using a dedicated server anyway.
If you have a lot of users, then file system permissions should be enough anyway -- only the uid your cgi scripts execute under should have read permissions to this file. Your password files should not be in the web root.
Why not put these in the environment, then you can use %ENV to get at them. Then your passwords are stored only in your webserver config files. btw, this doesn't scale if you have more than one database.
When it comes down to it, shouldn't you have your database server only configured to accept connections from your webserver anyhow?
Just some thoughts. |